As the number of reported security breaches continues to rise, many individuals and businesses are asking what can be done to further defend against cyber crime. One approach that has drawn much attention lately is encryption. By encoding messages so that only authorized parties can read it, information is kept more secure. About P2PE and Security …
Since the announcement of the Target security breach in December of 2013, a string of similar intrusions have affected retailers including Home Depot, SuperValu, Kmart, Goodwill, UPS Stores, Dairy Queen, and Jimmy Johns. In fact, SuperValu announced on September 29, 2014 that they had experienced a second intrusion separate from their August 14, 2014 announcement. It seems that no retailer is safe, …
With the recent spree of credit card breaches, the press has used the terms “identity theft” and “credit card fraud” together so frequently that the two crimes have become synonymous. However, there is a distinct difference between these two crimes. While credit card fraud is a form of identity theft, true identity theft is far more serious. …
Identity Theft and Credit Card Theft – What’s the Difference? Read More »
As credit card fraud has increased in recent months, merchants have worked towards replacing the traditional magnetic stripe credit card with the more secure “Chip & PIN“, “encrypted swipe”, or “EMV” solution. As the momentum builds towards this enhanced security solution for card transactions, it’s worthwhile to understand what this new technology means for consumers …
Still unsure how to secure your information? It may not seem like there is much you can do to counteract hackers. The image that comes to mind is one of mysterious, computer-savvy supervillains preying on helpless victims whose futile efforts are the equivalent of plastering the Hoover Dam with Scotch tape to prevent leaks. But …
Thank you to all of our clients. As you can see from the map of our clients’ locations, our reach has extended nationwide and internationally. We close out 2014 with gratitude to you for helping our business grow, and we hope that our services allowed you to grow your business as well. We look forward …
When securing critical systems and sensitive data, companies immediately think of firewalls, intrusion prevention systems, anti-virus software, and other similar protections. Although these safeguards are essential to overall information security, companies tend to overlook what has evolved into the weakest link in the security chain: the company employees. By neglecting to include employees when considering …
In a notification to QSAs and ASV providers, the PCI SSC announced that in order to address a few minor updates, clarifications, and one impacting change, there will be a revision for PCI DSS and PA-DSS v3.0 in the very near future. The impacting change is related to several vulnerabilities in the SSL protocol. In …
Notice: PCI DSS and PA-DSS v3.1 Revisions Coming Read More »
As a follow-up to our recent blogpost on social engineering, this article explains more about baiting, the specific type of social engineering where criminals use malware-laden devices to manipulate employees into providing access to a company’s sensitive information. Similar to other types of social engineering, baiting relies on an employee’s lapse of judgment to create a weakness …
The National Institute of Standards and Technology (NIST) has identified the Secure Socket Layers (SSL) v3.0 protocol (a cryptographic protocol designed to provide secure communications over a computer network) as no longer being acceptable for protection of data due to inherent weaknesses within the protocol. Because of these weaknesses, no version of SSL meets PCI …
Notice: NIST Deems SSL No Longer Acceptable for Secure Communication Read More »
